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CLAIMS : 

What is claimed is: 

1. A method for managing a user key used to sign a 
message for a data processing system, said method 
comprising : 

assigning a user key to a user and storing the user 
key in a data processing system for encrypting messages; 

encrypting the messages with the user key; 

storing an associated key in the data processing 
system and encrypting the user key with the associated ke 
to obtain an encrypted user key; 

communicating encrypted messages in conjunction with 
the encrypted user key to validate an association of the 
user with the encrypted messages; and 

thereafter, preventing validation of the association 
of the user with messages by revoking the associated key. 
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2. The method according to Claim l, further comprising: 

decrypting the user key with the associated key; and 
decrypting the messages with the user key. 

3. The method according to Claim 1, wherein the data 
processing system further comprises a client system having 
a client memory device coupled to a server system having 
an encryption chip and a server memory device and wherein: 

storing the user key in a data processing system for 
encrypting messages further comprises storing the user key 
in the client memory device; 

storing the associated key in the data processing 
system further comprises storing the associated key in the 
server memory device; and 

preventing validation further comprises preventing 
the validation of the messages associated with the user by 
eliminating the associated key from the server memory 
device . 

4. The method according to Claim 3, wherein encrypting 
the messages further comprises: 

sending the messages to be encrypted from the client 
system to the server system; 

encrypting the messages using the encryption chip of 
the server system; and 



sending the encrypted messages from the server system 
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to the client system. 

5. The method according to Claim 4, further comprising: 

erasing from the server system all data relating to 
the encrypted messages after the encrypted messages are 
sent from the server system to the client system. 

6. The method according to Claim 1, further comprising: 

encrypting the associated key by using an encryption 
chip key which is stored on an encryption chip of the data 
processing system. 

7. The method according to Claim 6, further comprising: 

encrypting the associated key with the encryption 
chip key; and 

communicating an encrypted associated key to validate 
the association of the user with the encrypted messages. 

8. The method according to Claim 7, further comprising: 

decrypting the associated key with the encryption 
chip key. 
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1 9. A system for managing a user key used to sign a 

2 message for a data processing system, said system 

3 comprising: 

4 means for assigning a user key to a user and storing 

5 the user key in a data processing system for encrypting 

6 messages; 

7 means for encrypting the messages with the user key; 

8 means for storing an associated key in the data 

9 processing system and encrypting the user key with the 
10 associated key to obtain an encrypted user key; 

u 

liyj means for communicating encrypted messages in 

12"^] conjunction with the encrypted user key to validate an 

131*6 association of the user with the encrypted messages; and 

Hi 

I 

14 pj means for thereafter preventing validation of the 

15 !L association of the user with messages by revoking the 

16Q3 associated key. 
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1 10. The system according to Claim 9, further comprising: 

2 means for decrypting the user key with the associated 

3 key; and 

4 means for decrypting the messages with the user key. 

1 11. The system according to Claim 9, wherein the data 

2 processing system further comprises a client system having 

3 a client memory device coupled to a server system having 

4 an encryption chip and a server memory device and wherein: 



5 said means for storing the user key in a data 

6 processing system for encrypting messages further 

7^ comprises means for storing the user key in the client 

8-gl memory device; 

y s 

9y1 said means for storing the associated key in the data 

10?^ processing system further comprises means for storing the 

llg associated key in the server memory device; and 

E— * 

12 ffj said means for preventing validation further 

13?? comprises means for preventing the validation of the 

14 p messages associated with the user by eliminating the 

15 associated key from the server memory device. 



1 12. The system according to Claim 11, wherein said means 

2 for encrypting the messages further comprises: 



3 means for sending the messages to be encrypted from 

4 the client system to the server system; 



5 
6 



means for encrypting the messages using the 
encryption chip of the server system; and 
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means for sending the encrypted messages from the 
server system to the client system. 

13. The system according to Claim 12, further comprising: 

means for erasing from the server system all data 
relating to the encrypted messages after the encrypted 
messages are sent from the server system to the client 
system. 

14. The system according to Claim 9, further comprising: 

means for encrypting the associated key by using an 
encryption chip key which is stored on an encryption chip 
of the data processing system. 

15. The system according to Claim 14, further comprising: 

means for encrypting the associated key with the 
encryption chip key; and 

means for communicating an encrypted associated key 
to validate the association of the user with the encrypted 
messages . 

16. The system according to Claim 15, further comprising: 

means for decrypting the associated key with the 
encryption chip key. 



17. A program product for managing a user key used to 
sign a message for a data processing system, said program 
product comprising : 
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4 a control program including: 

5 instruction means for assigning a user key to a user 

6 and storing the user key in a data processing system for 

7 encrypting messages; 

8 instruction means for encrypting the messages with 

9 the user key; 

10 instruction means for storing an associated key in 

11 the data processing system and encrypting the user key 

12 with the associated key to obtain an encrypted user key; 



instruction means for communicating encrypted 
messages in conjunction with the encrypted user key to 
validate an association of the user with the encrypted 
messages; 

instruction means for thereafter preventing 
validation of the association of the user with messages by 
revoking the associated key; and 

computer usable media bearing said control program. 
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18. The program product according to Claim 17, further 
comprising : 

instruction means for decrypting the user key with 
the associated key; and 

instruction means for decrypting the messages with 
the user key. 

19. The program product according to Claim 17, wherein 
the data processing system further comprises a client 
system having a client memory device coupled to a server 
system having an encryption chip and a server memory 
device and wherein: 

said instruction means for storing the user key in 
data processing system for encrypting messages further 
comprises instruction means for storing the user key in 
the client memory device; 

said instruction means for storing the associated k 
in the data processing system further comprises 
instruction means for storing the associated key in the 
server memory device; and 

said instruction means for preventing validation 
further comprises instruction means for preventing the 
validation of the messages associated with the user by 
eliminating the associated key from the server memory 
device . 

20. The program product according to Claim 19, wherein 
said instruction means for encrypting the messages furth 
comprises : 
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instruction means for sending the messages to be 
encrypted from the client system to the server system; 

instruction means for encrypting the messages using 
the encryption chip of the server system; and 

instruction means for sending the encrypted messages 
from the server system to the client system. 

21. The program product according to Claim 20, further 
comprising : 

instruction means for erasing from the server system 
all data relating to the encrypted messages after the 
encrypted messages are sent from the server system to the 
client system. 

22. The program product according to Claim 17, further 
comprising : 

instruction means for encrypting the associated key 
by using an encryption chip key which is stored on an 
encryption chip of the data processing system. 

23. The program product according to Claim 22, further 
comprising : 

instruction means for encrypting the associated key 
with the encryption chip key; and 



instruction means for communi 
associated key to validate the ass 
with the encrypted messages. 



eating an encrypted 
ociation of the user 
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24. The program product according to Claim 23, further 
comprising : 

instruction means for decrypting the associated key 
with the encryption chip key. 



